Business Intelligence has changed the way we drive commerce. Better-informed decisions are delivering critical competitive advantages in virtually every sector of enterprise. Executive judgement and analytical skills have therefore never been as important to a business’s success.


It’s no small wonder then that executives want more access to their data — not just from the office but at home via a laptop, or even on a mobile device such as the Apple Watch. In 2015, this has given rise to the emergence of mobile business intelligence apps in the cloud, which is a great innovation. However, with the increasing sophistication of cybercrime, there is an increasing security risk that sensitive confidential information and monetary assets could be the target of hackers.


In recent years hackers have increased the frequency and effectiveness of their attacks by finding and exploiting vulnerabilities within the app code to get at the underlying data. For example, they can manipulate applications to steal or tamper with information by using techniques such as SQL injection or cross-site request forgery.


New application delivery models and platforms (such as cloud and mobile) and technologies (such as mobile app programming languages and frameworks) inherently pose new security risks. The application security technologies and processes have not been developed or matured for them. But the pressure to push more and more sensitive information to be available on demand will only grow in the next few years. Enterprises therefore need to protect their information — be it financial or perhaps personal information in the case of HR professionals. They can only do this by implementing a comprehensive, life cycle approach to application security and by increasing their investment in security penetration testing. We at Experior have seen a growing awareness of the amount of sensitive data that is now being viewed and used outside of the office walls — but there’s still a lot of ignorance on the topic.


Business leaders need to be asking the right questions of their IT provider: How do we stop someone outside of the company from accessing the information on mobile? If it’s in the cloud and being called down to a mobile app, what’s stopping them?


Fortunately, there are application security testing (AST) products (such as those offered by HP, IBM and Veracode) that are used to analyse and test applications for weaknesses and can be delivered as a tool or as part of a service. Mobile AST products enable the testing of mobile application security by testing web services interfaces and analysing the application behaviour statically and dynamically to identify the security risks. Security testing will point to the application functions that do not follow the enterprise security rules, such as those governing the sharing of corporate information to external locations.


This is an important first step in the battle to make increasingly valuable data available whenever and wherever it is needed. But there is a long way to go before business intelligence applications for the enterprise will carry the security promise of a consumer banking application. This is a challenge that is not going to go away — as more and more data is going mobile. This means the CTO and CISO must start thinking mobile too. As the perimeter of information expands, so must the security measures they take — from the application’s conception through to its continued use when it goes live.